bfsvc.pdb
Static task
static1
Behavioral task
behavioral1
Sample
cd0983b455038fe7233193ad36d61c15.exe
Resource
win10v2004-20240226-en
General
Target: cd0983b455038fe7233193ad36d61c15
Size: 98KB
MD5: cd0983b455038fe7233193ad36d61c15
SHA1: 7bf97470b75e57b4c299cfd103cd01e140f5c850
SHA256: b684d23d83a0671cd60ae73454ed1cbdb734a3b53d22f4cd4005e35a60175009
SHA512: 3dd42a40f29dd42d71282cba38c4b10579bf20eb405416e076f6b637275c23d62d3de4b894139b3949ac2e04f798c27d6657988ef9305c4f9f4577ae1de329a5
SSDEEP: 1536:8rRuhv3kcGhiwYMvCG/PBYSXtAC3+TkehjgphJOLjsceElhT8njJF0klv:8VuhvJGgwPPiSn9ehKJOE4kF0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cd0983b455038fe7233193ad36d61c15
Files
cd0983b455038fe7233193ad36d61c15.exe windows:10 windows x64 arch:x64
f41b87798d00b8f15d03bb04c3c82200
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bfsvc.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
GetTokenInformation
kernel32
UnmapViewOfFile
GetLastError
LocalFree
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVolumeInformationW
FindFirstFileW
HeapFree
SetLastError
FindNextFileW
WriteFile
GetPrivateProfileSectionW
FindClose
GetVolumePathNameW
CreateFileW
GetFileAttributesW
SetFileAttributesW
HeapAlloc
MoveFileExW
GetProcessHeap
CopyFileExW
GetFileInformationByHandle
GetFullPathNameW
FreeLibrary
LoadLibraryExW
GetProcAddress
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
CloseHandle
GetCurrentThread
GetVolumeNameForVolumeMountPointW
DeviceIoControl
GetFileSizeEx
CreateDirectoryW
msvcrt
wcsstr
_snwscanf_s
_wcslwr
wcsnlen
__iob_func
_wcsnicmp
swprintf_s
memset
fflush
wcschr
wcsrchr
memcpy
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
_vsnwprintf
fwprintf
_vsnwprintf_s
rpcrt4
UuidCreate
imagehlp
CheckSumMappedFile
shell32
CommandLineToArgvW
shlwapi
PathRemoveBackslashW
ntdll
NtEnumerateBootEntries
NtQueryDirectoryObject
NtOpenDirectoryObject
NtTranslateFilePath
NtQueryBootOptions
NtQueryBootEntryOrder
NtQueryValueKey
NtQuerySymbolicLinkObject
NtOpenKey
NtOpenSymbolicLinkObject
RtlImpersonateSelf
NtOpenThreadTokenEx
NtOpenProcessTokenEx
NtAdjustPrivilegesToken
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
LdrAccessResource
LdrFindResource_U
NtOpenFile
NtQueryInformationThread
NtQueryInformationFile
RtlImageNtHeader
NtDeviceIoControlFile
NtSetInformationThread
NtReadFile
NtOpenProcess
NtQueryInformationProcess
RtlNtStatusToDosError
NtClose
RtlInitUnicodeString
NtWriteFile
NtQuerySystemInformation
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
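The "Unsigned PE" signature above and the Headers/Sections listings are all derived from fields in the PE headers. The script below is an added example, not part of the sandbox report or of Windows' bfsvc.exe: it parses a PE32+ image with the standard library only (no pefile), reports the file and DLL characteristics and the per-section flags in the same names the report uses, and checks the two things a triage analyst looks at here: whether the Authenticode certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY) is empty, and whether any section is both writable and executable. The input is a constructed, minimal PE32+ header whose flags mirror what the report lists for this sample (including a .reloc section marked code, executable and writable); section raw data is omitted because only headers are parsed.

```python
import struct

# Flag values are from the PE/COFF specification; names match what the report shows.
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the certificate table data directory


def _names(value, table):
    """Expand a bitmask into the flag names it contains, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS header, NT headers (PE32+ only) and section table from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                          # IMAGE_OPTIONAL_HEADER64
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ (magic 0x20B) is handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    num_dirs = struct.unpack_from("<I", data, opt + 108)[0]
    sec_dir = (0, 0)
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Data directories start at offset 112 of the PE32+ optional header, 8 bytes each.
        sec_dir = struct.unpack_from("<II", data, opt + 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size                    # section headers follow the optional header
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "characteristics": _names(chars, SECTION_CHARACTERISTICS),
        })
    return {
        "machine": machine,
        "file_characteristics": _names(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _names(dll_chars, DLL_CHARACTERISTICS),
        "security_dir": sec_dir,
        "sections": sections,
    }


def review(pe):
    """Return the findings a triage analyst would raise on the parsed headers."""
    findings = []
    if pe["security_dir"] == (0, 0):
        findings.append("unsigned: IMAGE_DIRECTORY_ENTRY_SECURITY is empty (no embedded Authenticode signature)")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in pe["dll_characteristics"]:
        findings.append("no DYNAMIC_BASE: image is not relocated by ASLR, HIGH_ENTROPY_VA alone does nothing")
    for s in pe["sections"]:
        c = s["characteristics"]
        if "IMAGE_SCN_MEM_EXECUTE" in c and "IMAGE_SCN_MEM_WRITE" in c:
            findings.append(f"{s['name']}: writable and executable section")
        if s["name"] == ".reloc" and "IMAGE_SCN_CNT_CODE" in c:
            findings.append(".reloc marked as code; a normal .reloc is INITIALIZED_DATA|DISCARDABLE|READ")
    return findings


def build_sample():
    """Constructed PE32+ header (hypothetical, headers only) mirroring the flags the report lists."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                       # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 6, 0, 0, 0, 240, 0x0002 | 0x0020)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                         # PE32+ magic
    struct.pack_into("<H", opt, 70, 0x0020 | 0x4000 | 0x8000)     # DllCharacteristics
    struct.pack_into("<I", opt, 108, 16)                          # NumberOfRvaAndSizes
    # Certificate table directory left at 0/0: the image carries no embedded signature.
    secs = [
        (b".text",  0x20 | 0x20000000 | 0x40000000),
        (b".rdata", 0x40 | 0x40000000),
        (b".data",  0x40 | 0x40000000 | 0x80000000),
        (b".pdata", 0x40 | 0x40000000),
        (b".rsrc",  0x40 | 0x40000000),
        (b".reloc", 0x20 | 0x40 | 0x20000000 | 0x40000000 | 0x80000000),
    ]
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, c)
        for i, (n, c) in enumerate(secs))
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + hdrs


if __name__ == "__main__":
    pe = parse_pe(build_sample())
    print("File:", pe["file_characteristics"])
    print("DLL: ", pe["dll_characteristics"])
    for s in pe["sections"]:
        print(f"{s['name']:<8}", " | ".join(s["characteristics"]))
    for f in review(pe):
        print("!", f)
```

Two caveats on reading the result. An empty certificate table only means there is no embedded signature: Windows system binaries such as bfsvc.exe are normally catalog-signed, with the hash listed in a .cat file under the catalog store rather than in the PE, so this check (and the sandbox's "Unsigned PE" signature) flags catalog-signed files as well as genuinely unsigned ones, and a verdict needs a catalog lookup or a signtool/WinVerifyTrust check on a Windows host. Conversely, a .reloc section that is code, executable and writable, as listed for this sample, is not how the linker emits relocations and is worth a closer look regardless of what the signature check says.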